McDonald’s AI hiring bot exposed 64 million applicants’ details

The McHire website fell to a simple ‘123456’ password attempt

Image: ‘Olivia’ traps some candidates in a chatbot loop

Basic security flaws left millions of applicants’ personal data accessible on McDonald’s McHire website.

More than 90% of McDonald’s franchisees use McHire.com for recruitment, where applicants chat with a bot called Olivia, created by Paradox.ai. Olivia collects their personal information and shift preferences, as well as administering personality tests.

Paradox’s system, it turns out, featured security flaws so basic they bordered on the absurd, and they went unnoticed until two white hat hackers/security researchers, Ian Carroll and Sam Curry, alerted the company.

Carroll and Curry were first drawn to McHire by complaints on Reddit that the bot was spouting nonsense and forcing users into a loop.

Carroll told Wired he thought the use of a chatbot to screen new hires was “uniquely dystopian,” and wanted to investigate.

“I started applying for a job, and then after 30 minutes, we had full access to virtually every application that's ever been made to McDonald's going back years.”

The researchers began by testing Olivia for prompt injection vulnerabilities. Finding no such flaws, they decided to try signing in as a McDonald’s franchisee to access the website’s backend. But in that process, they spotted a separate login area for Paradox employees.

“Without much thought, we entered ‘123456’ as the username and ‘123456’ as the password, and were surprised to see we were immediately logged in!”

The duo found themselves with administrator access to a test restaurant on McHire, where all the listed employees appeared to be Paradox.ai developers. From that account they could see every in-progress conversation with Olivia and intervene once an applicant reached a certain stage.

That included a new application they started from the public-facing side of McHire, for which they – as admins – were able to see an applicant ID number above 64 million.

That was when Carroll and Curry found the other vulnerability, a classic insecure direct object reference: these ID numbers were not randomly generated but sequential, and the backend never checked whether the logged-in account was entitled to the record it asked for. Simply decrementing the number returned someone else’s chat logs with Olivia, including all the personal information they had shared.
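The flaw described above is easiest to see in code. The following toy Python is an added illustration, not code from the article, from Paradox.ai or from the researchers; the record store, the `Session` type, the tenant field and the function names are all constructed for the example. It puts a handler that only checks “is someone logged in?” next to one that also checks “does this record belong to the caller?”, and shows why sequential IDs turn the first into a bulk-export tool.

```python
"""Authentication is not authorization: a toy applicant-record API.

Constructed example. APPLICATIONS, Session and every function here are
hypothetical; they model the pattern in the McHire write-up, not the
actual Paradox.ai implementation.
"""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """A logged-in user and the tenant (restaurant) that login belongs to."""
    user: str
    restaurant_id: str


# Constructed sample data: three applicants across two restaurants.
# The lead IDs are sequential, as described in the incident.
APPLICATIONS = {
    64_000_001: {"restaurant_id": "r-100", "name": "Applicant A", "email": "a@example.com"},
    64_000_002: {"restaurant_id": "r-100", "name": "Applicant B", "email": "b@example.com"},
    64_000_003: {"restaurant_id": "r-200", "name": "Applicant C", "email": "c@example.com"},
}


def get_application_vulnerable(session, lead_id):
    """Checks that *somebody* is logged in, then hands over *any* record.

    This is the IDOR: the lead_id is trusted as-is, so any authenticated
    account (including a forgotten test account) can read every applicant.
    """
    if session is None:
        raise PermissionError("login required")
    return APPLICATIONS.get(lead_id)


def get_application_hardened(session, lead_id):
    """Authorizes the request: the record must belong to the caller's tenant.

    Returns None for both "no such record" and "not your record" so the
    endpoint cannot be used as an oracle for which IDs are populated.
    """
    if session is None:
        raise PermissionError("login required")
    record = APPLICATIONS.get(lead_id)
    if record is None or record["restaurant_id"] != session.restaurant_id:
        return None
    return record


def enumerate_downwards(fetch, session, start, count):
    """Walk IDs downward from a known one, the way the researchers did.

    Returns (lead_id, restaurant_id) for every record the handler hands back.
    Against the vulnerable handler this harvests every tenant's applicants;
    against the hardened one it yields only the caller's own tenant.
    """
    found = []
    for lead_id in range(start, start - count, -1):
        record = fetch(session, lead_id)
        if record is not None:
            found.append((lead_id, record["restaurant_id"]))
    return found


def new_lead_id():
    """Unguessable identifier for new records.

    Random IDs make enumeration impractical, but they are defence in depth:
    the authorization check in get_application_hardened is the real fix.
    """
    return secrets.token_urlsafe(16)


if __name__ == "__main__":
    # A login for a tenant that owns none of the sample records, like the
    # test restaurant in the story.
    test_admin = Session(user="test-admin", restaurant_id="r-999")
    print("vulnerable:", enumerate_downwards(get_application_vulnerable, test_admin, 64_000_003, 3))
    print("hardened:  ", enumerate_downwards(get_application_hardened, test_admin, 64_000_003, 3))
    print("random id: ", new_lead_id())
```

Run as a script, the vulnerable handler returns all three records to a login that owns none of them, while the hardened handler returns nothing; a manager logged into `r-100` still sees their own applicants through the hardened path. The ownership check, not the random ID, is what closes the hole: an attacker with a valid ID still gets nothing they are not entitled to.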

Image credit: Ian Carroll

The researchers checked a handful (Paradox says seven) of applications, five of which contained the applicant’s personal information, including name, email address, phone number and physical address.

After the researchers disclosed the vulnerabilities to both Paradox.ai and McDonald’s, they were fixed within two days, but Paradox certainly has egg on its face over such a basic security failure. The company published a blog post about the incident yesterday, in which it admits that “none of our penetration tests previously identified the issue,” and that the test account Carroll and Curry used had not been logged into since 2019 - “and frankly, should have been decommissioned.”